Connections closed immediately

I’m a bit perplexed by this one. I’m running Pi-hole in a local container. It seems to run fine, but I cannot use DNS port 53 (TCP or UDP) when coming in to the LAN IP of 10.10.0.1. When I come in to the lo IP of 127.0.0.1, all good. HTTP on port 80 works from the LAN IP.
Here’s a set of commands I think shows the story. Ports 80 and 53 are both listening on 0.0.0.0. Telnet connects fine on port 80 to 10.10.0.1. Telnet to port 53 closes immediately. But telnet to port 53 on 127.0.0.1 stays connected.

vyos@vyos:~$ netstat -an | grep 53 | grep LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     5317     /var/run/frr/eigrpd.vty
unix  2      [ ACC ]     STREAM     LISTENING     5322     /var/run/frr/staticd.vty
unix  2      [ ACC ]     STREAM     LISTENING     5327     /var/run/frr/bfdd.vty

vyos@vyos:~$ netstat -an | grep 80 | grep LISTEN
tcp        0      0 127.0.0.1:18003         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     280492   s
unix  2      [ ACC ]     STREAM     LISTENING     4480     /var/run/frr/ripd.vty
unix  2      [ ACC ]     STREAM     LISTENING     3802     /run/vyos-configd.sock

vyos@vyos:~$ ifconfig | grep inet
        inet 10.0.3.125  netmask 255.255.255.0  broadcast 10.0.3.255
        inet6 fe80::6c23:acff:fecc:86e3  prefixlen 64  scopeid 0x20<link>
        inet 10.10.0.1  netmask 255.255.255.0  broadcast 10.10.0.255
        inet6 fe80::14d4:c9ff:fe0a:6ab8  prefixlen 64  scopeid 0x20<link>
        inet 10.10.2.1  netmask 255.255.255.0  broadcast 10.10.2.255
        inet6 fe80::14d4:c9ff:fe0a:6ab8  prefixlen 64  scopeid 0x20<link>
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 fe80::200:ff:fe00:0  prefixlen 64  scopeid 0x20<link>
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        inet 10.0.6.2  netmask 255.255.255.0  destination 10.0.6.2
        inet6 fe80::fc1b:47ff:febc:a84  prefixlen 64  scopeid 0x20<link>

vyos@vyos:~$ /usr/bin/telnet 10.10.0.1 80
Trying 10.10.0.1...
Connected to 10.10.0.1.
Escape character is '^]'.
I'm In Here Connected
^]

telnet> Connection closed.

vyos@vyos:~$ /usr/bin/telnet 10.10.0.1 53
Trying 10.10.0.1...
Connected to 10.10.0.1.
Escape character is '^]'.
Connection closed by foreign host.

vyos@vyos:~$ /usr/bin/telnet 127.0.0.1 53
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
I'm In Here Connected.
^]

telnet> Connection closed.

I typed “I’m In Here Connected.” whenever telnet was left open, just to show that I was not kicked out.

If it’s firewall-related, I think it’s just LOCAL-LAN, which I have allowed. Am I wrong?

name LOCAL-LAN {
    default-action accept
    enable-default-log
}

Fixed it. I guess this is for anyone else who comes across this. There’s a setting in Pi-hole called “Permit All Origins”. For some reason it was defaulting to only permit eth0, which is WAN and blocked via firewall. Not sure why I can’t just change the permit to eth1, but it seems to be either eth0 or All.
